Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER ISC Bind libdns EDNS option handling denial of service attempt

Rule Explanation

This event is generated when an attacker attempts to exploit a denial of service vulnerability in ISC Bind's libdns library. Impact: Detection of a Denial of Service Attack Details: This rule checks for an attempt to exploit a denial of service vulnerability in the ISC Bind libdns library's handling of EDNS options. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

MITRE ATT&CK Framework



For reference, see the MITRE ATT&CK vulnerability types here:


Rule Vulnerability

CVE Additional Information

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
SeverityMEDIUM Base Score5.0
Impact Score2.9 Exploit Score10.0
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactPARTIAL Access Vector
AuthenticationNONE Ease of Access